chore: Normalize Origin header in CORS middleware dan update test_cors
@@ -34,10 +34,12 @@ $response1->getBody()->write(json_encode(['status' => 'ok']));
|
||||
$middleware = new CorsMiddleware();
|
||||
$handler = new class($response1) implements \Psr\Http\Server\RequestHandlerInterface {
|
||||
private $response;
|
||||
public function __construct($response) {
|
||||
public function __construct($response)
|
||||
{
|
||||
$this->response = $response;
|
||||
}
|
||||
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface {
|
||||
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface
|
||||
{
|
||||
return $this->response;
|
||||
}
|
||||
};
|
||||
@@ -52,17 +54,19 @@ foreach ($result1->getHeaders() as $name => $values) {
|
||||
}
|
||||
|
||||
// Test 2: Origin yang tidak ada di .env
|
||||
echo "\nTest 2: Origin 'http://example.com' (tidak ada di .env):\n";
|
||||
echo "\nTest 2: Origin 'http://retribusi.btekno.cloud' (tidak ada di .env):\n";
|
||||
$request2 = $requestFactory->createServerRequest('GET', '/health')
|
||||
->withHeader('Origin', 'http://example.com');
|
||||
->withHeader('Origin', 'http://retribusi.btekno.cloud');
|
||||
|
||||
$response2 = $responseFactory->createResponse(200);
|
||||
$handler2 = new class($response2) implements \Psr\Http\Server\RequestHandlerInterface {
|
||||
private $response;
|
||||
public function __construct($response) {
|
||||
public function __construct($response)
|
||||
{
|
||||
$this->response = $response;
|
||||
}
|
||||
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface {
|
||||
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface
|
||||
{
|
||||
return $this->response;
|
||||
}
|
||||
};
|
||||
@@ -89,10 +93,12 @@ $request3 = $requestFactory->createServerRequest('OPTIONS', '/health')
|
||||
$response3 = $responseFactory->createResponse(200);
|
||||
$handler3 = new class($response3) implements \Psr\Http\Server\RequestHandlerInterface {
|
||||
private $response;
|
||||
public function __construct($response) {
|
||||
public function __construct($response)
|
||||
{
|
||||
$this->response = $response;
|
||||
}
|
||||
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface {
|
||||
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface
|
||||
{
|
||||
return $this->response;
|
||||
}
|
||||
};
|
||||
@@ -112,4 +118,3 @@ echo "\nJika Test 1 tidak ada CORS headers, kemungkinan:\n";
|
||||
echo "1. PHP-FPM belum di-restart setelah perubahan code\n";
|
||||
echo "2. Opcache masih cache code lama (clear opcache)\n";
|
||||
echo "3. Check error log: tail -f /www/wwwlogs/api.btekno.cloud.error.log\n";
|
||||
|
||||
|
||||
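Review bot: None of the test cases visible here sends a malformed Origin, so the normalization this commit adds to CorsMiddleware is not exercised; Test 2 only swaps in an `http://` value that has no path. A case such as `->withHeader('Origin', '<ALLOWED_ORIGIN>/extra/path')` (placeholder for an origin listed in .env) would pin whether such a value receives CORS headers. The script also appears to report results with `echo` rather than assertions, so a regression in the allowlist check would not fail a run; this is inferred from the visible lines only, since the rest of the file lies outside these hunks.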
@@ -47,6 +47,15 @@ class CorsMiddleware implements MiddlewareInterface
|
||||
): ResponseInterface {
|
||||
$origin = $request->getHeaderLine('Origin');
|
||||
|
||||
// Normalize origin (strip path if someone sends invalid Origin)
|
||||
if ($origin && str_contains($origin, '/')) {
|
||||
$parsed = parse_url($origin);
|
||||
if (isset($parsed['scheme'], $parsed['host'])) {
|
||||
$origin = $parsed['scheme'] . '://' . $parsed['host']
|
||||
. (isset($parsed['port']) ? ':' . $parsed['port'] : '');
|
||||
}
|
||||
}
|
||||
|
||||
// Handle preflight OPTIONS request
|
||||
if ($request->getMethod() === 'OPTIONS') {
|
||||
$responseFactory = new ResponseFactory();
|
||||
@@ -132,4 +141,3 @@ class CorsMiddleware implements MiddlewareInterface
|
||||
return $this->allowedOrigins[0] ?? null;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
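Review bot: The guard `str_contains($origin, '/')` is true for every origin that carries a scheme, because `://` already contains slashes, so the rebuild runs on all such requests rather than only on the invalid ones the comment describes. Because only scheme, host and port are kept, a value carrying userinfo, a path, a query or a fragment is silently repaired into a clean origin; if the allowlist comparison later in this method (outside the hunk) uses the repaired value, a header no browser would emit ends up treated as an allowed origin. It is safer to treat any value that differs from its rebuilt form as not allowed, or at most to tolerate a trailing slash with `$origin = rtrim($origin, '/');`. The comment would then read more accurately as `// Origin must be scheme://host[:port]; anything else is malformed`.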